Installing And Configuring Docker Community Edition(CE) On GNU/Linux

Docker is a open source container program that performs operating-system-level virtualization. Docker currently provides three products Enterprise Edition(EE)、Community Edition(CE) and Cloud. This article documents how to install and configure Docker CE in GNU/Linux, then implement the entire process through Shell script.

Official Site

Relevant official site of Docker

Tutorials

Docker provides some tutorials in its Github repository. If you’re a newbie, it may be useful for you to learn Docker.

• Docker Tutorials and Labs
• Docker for beginners

Official tutorials of Docker

• Learn the basics of Docker
• Docker Engine user guide

If you wanna learn more, please read its official document site.

Introduction

What is Docker?

Architecture

Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers. Both the Docker client and the daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The Docker client and daemon communicate via sockets or through a RESTful API. — Understand the architecture

More info about Docker, please read Docker overview

VS Virtual Machine

Docker Container is a methos of virtualization, but it is different from virtual machine, such as Vagrant.

virtual machine

Each virtual machine includes the application, the necessary binaries and libraries and an entire guest operating system - all of which may be tens of GBs in size.

container

Containers include the application and all of its dependencies, but share the kernel with other containers. They run as an isolated process in userspace on the host operating system. They’re also not tied to any specific infrastructure – Docker containers run on any computer, on any infrastructure and in any cloud.

The following pictures are from What is a Container?.

Virtual Machines

Old picture

New picture

Containers

Old picture

New picture

Containers and Virtual Machines Together

OS requirements

1. OS must be 64-bit；
2. Linux kernel version at least 3.10；
3. iptables version at least 1.4；

More details in Install Docker CE from binaries。

The following can be used to check if the running system is 64-bit (x86_64).

Docker Product

Docker currently has 3 products, more details in Install Docker。

1. Docker Enterprise Edition (Docker EE)
2. Docker Community Edition (Docker CE)
   • Stable (release per quarter)
   • Edge (release per month)
3. Docker Cloud

Docker CE and Docker EE supper different distributions.

See also Docker Cloud for setup instructions for Digital Ocean, Packet, SoftLink, or Bring Your Own Cloud.

Installation

For RHEL、Oracle Linux、SLES, it can only install Docker EE which needs to register Docker Store first.

This document is focus on Docker CE which is just support CentOS/Fedora、Debian/Ubuntu.

Docker provides official installation document Install Docker Engine:

• Get Docker for CentOS
• Get Docker for Debian
• Get Docker for Ubuntu

Complete distro release version which are supported by Docker CE

CentOS

Install Docker

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

# Remove unofficial Docker packages
yum -q makecache fast
yum -y -q remove docker docker-{client,client-latest,latest,latest-logrotate,logrotate,common,selinux,engine,engine-selinux}

# Install Docker
curl -fsSL https://download.docker.com/linux/centos/docker-ce.repo | sed -n '/ce-stable-debuginf/,$d;/^$/d;p' > /etc/yum.repos.d/docker-ce.repo

# [docker-ce-stable]
# name=Docker CE Stable - $basearch
# baseurl=https://download-stage.docker.com/linux/centos/7/$basearch/stable
# enabled=1
# gpgcheck=1
# gpgkey=https://download-stage.docker.com/linux/centos/gpg

yum -q makecache fast
yum -y -q install docker-ce

Uninstall Docker

1
2

yum -y -q remove docker-ce
rm -rf /var/lib/docker

執行yum install docker-ce提示的GPG信息

1
2
3
4
5
6
7
8
9

# yum -y -q install docker-ce
warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/docker-ce-selinux-17.03.1.ce-1.el7.centos.noarch.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Public key for docker-ce-selinux-17.03.1.ce-1.el7.centos.noarch.rpm is not installed
Importing GPG key 0x621E9F35:
 Userid     : "Docker Release (CE rpm) <[email protected]>"
 Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
 From       : https://download.docker.com/linux/centos/gpg
setsebool:  SELinux is disabled.
libsemanage.semanage_direct_install_info: Overriding docker module at lower priority 100 with module at priority 400.

Debian/Ubuntu

Install Docker

The difference between Ubuntu and Debian

1. different package dependencies
2. different distribution name, codename

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

# remove old package
sudo apt-get -y remove docker docker-engine

versionId=$(awk '/VERSION_ID=/{print gensub(/.*"(.*)"$/,"\\1","g",$0)}' /etc/os-release)
codeName=$(awk '/VERSION=/{print gensub(/.*\((.*)\)"$/,"\\1","g",$0)}' /etc/os-release)
distroName=$(awk '/PRETTY_NAME=/{distro=gensub(/.*"([^ ]*) .*/,"\\1","g",$0);print tolower(distro)}' /etc/os-release)

case "${distroNam}" in
    debian )
        [[ "${versionId}" -gt 7 ]] && externalPack='software-properties-common gnupg2' || externalPack='python-software-properties'  # Wheezy 7
        ;;
    ubuntu )
        externalPack='software-properties-common'
        [[ "${versionId}" == '14.04' ]] && externalPack=${externalPack}" linux-image-extra-$(uname -r) linux-image-extra-virtual"   # Trusty 14.04
        ;;
esac

sudo apt-get -qy --no-install-recommends install apt-transport-https ca-certificates curl "${externalPack}"

# add Docker’s official GPG key
curl -fsSL https://download.docker.com/linux/${distroNam}/gpg | sudo apt-key add -
# sudo apt-key fingerprint 0EBFCD88

# add stable official repository
sudo bash -c "echo \"deb [arch=amd64] https://download.docker.com/linux/${distroNam} $codeName stable\" > /etc/apt/sources.list.d/docker.list"

sudo apt-get update 1> /dev/null
sudo apt-get -qy install docker-ce

unset externalPack
unset versionId
unset distroName
unset codeName

Uninstall Docker

1
2

sudo apt-get -qy purge docker-ce
sudo rm -rf /var/lib/docker

Start Docker Daemon

Start docker service

1
2
3
4
5
6

sudo systemctl status docker
sudo systemctl start docker
sudo systemctl enable docker

# testing
sudo docker run hello-world

Post-installation Configuration

Post-installation steps for Linux

Manage Docker As A Non-root User

Manage Docker as a non-root user

The docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo. The docker daemon always runs as the root user.

If you don’t want to use sudo when you use the docker command, create a Unix group called docker and add users to it. When the docker daemon starts, it makes the ownership of the Unix socket read/writable by the docker group.

Warning: The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.

Docker Daemon Attack Surface

• only trusted users should be allowed to control your Docker daemon
• if you run Docker on a server, it is recommended to run exclusively Docker on the server, and move all other services within containers controlled by Docker.

1
2
3

sudo groupadd docker
sudo usermod -aG docker $USER
# sudo gpasswd -a $USER docker

Access Remote API Through A Firewall

Allow access to the remote API through a firewall

If you run a firewall on the same host as you run Docker and you want to access the Docker Remote API from another host and remote access is enabled, you need to configure your firewall to allow incoming connections on the Docker port, which defaults to 2376 if TLS encrypted transport is enabled or 2375 otherwise.

Shell Script

Shell script is hosted on GitLab, usage info

1
2
3
4

# curl -fsL / wget -qO-

# if need help info, specify '-h'
wget -qO- https://gitlab.com/Maxdong/axd-ShellScript/raw/master/assets/software/Docker-CE.sh | bash -s --

Error Occuring

image has dependent child images

Fail to use command docker rmi to remove image whose tag name is <none>

Error response from daemon: conflict: unable to delete 978d85d02b87 (cannot be forced) - image has dependent child images

docker how can I get the list of dependent child images?

1
2
3
4

/var/lib/docker/image/btrfs/imagedb/content/sha256/

# docker 17.06.2-ce
/var/lib/docker/image/overlay2/imagedb/content/sha256

Solving it via deleting file begins with 978d85d02b87

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

# get image id
[email protected]:~$ docker images | awk 'match($2,/none/){print $3}'
978d85d02b87

# remove image prompt error
[email protected]:~$ docker rmi 978d85d02b87
Error response from daemon: conflict: unable to delete 978d85d02b87 (cannot be forced) - image has dependent child images

# use sudo
[email protected]:~$ sudo -i

# enter target directory
[email protected]:~# cd /var/lib/docker/image/btrfs/imagedb/content/sha256/

# find file
[email protected]:/var/lib/docker/image/btrfs/imagedb/content/sha256# ls 978d85d02b87*
978d85d02b87aea199e4ae8664f6abf32fdea331884818e46b8a01106b114cee

# remove
[email protected]:/var/lib/docker/image/btrfs/imagedb/content/sha256# rm -f 978d85d02b87aea199e4ae8664f6abf32fdea331884818e46b8a01106b114cee

# verification
[email protected]:~# docker images | awk 'match($2,/none/){print $3}'
[email protected]:~#

Change Logs

• 2016.04.04 11:30 Thu Asia/Beijing
  • 初稿完成
• 2017.03.02 15:44 Thu Asia/Shanghai
  • 文檔重構
• 2017.03.03 16:49 Fri Asia/Shanghai
  • Docker官方文檔更新(分Docker EE、Docker CE、Docker Cloud)，文檔重構
• 2017.04.07 09:50 Fri Asia/Shanghai
  • 添加Error Occuring->image has dependent child images
• 2017.09.08 08:31 Fri Asia/Shanghai
  • 添加/var/lib/docker/image/overlay2/imagedb/content/sha256
• 2018.04.11 11:41 Wed America/Boston
  • 更新文檔鏈接，勘誤，遷移到新Blog